This drawing lays out the components and relevant addresses:
There are several places in the configuration where both an IPv4 address, and it's IPv6 embedded equivalent are used. I've used the convention
a.b.c.d = aabb:ccdd
to show equivalent addresses in the drawing and configurations, where 'a' is the IPv4 numeric, and 'aa' is the IPv6 hex.
For example: 184.108.40.206 => 45FC:5042
The outside interface receives it's IPv4 address via Comcast DHCP. There is no IPv6 address on the outside interface.
There is no IPv4 address on the Tunnel interface. The Tunnel interface only has a link-local IPv6 address, self-generated by the 'ipv6 enable' command. The interface number, Tunnel 6, was chosen for alliteration. Any number could be used.
The inside interface is the VLAN 1 interface on the router. It has a static RFC1918 IPv4 address serving all internal hosts. It has a link-local IPv6 address. The Internet referenced IPv6 address is dynamic, and is derived from the 'general-prefix' config, the outside DHCP address, and the 6RD tunnel configuration. The specific local address is generated from the general-prefix and the EUI-64 process.
The internal IPv6 address prefix is derived from the general prefix (2001:55c) and the hex version of the local outside IPv4 DHCP address. This combination is what makes the IPv6 address unique to you, and how the packets are routed back to across the v6 Internet.
Since parts of the IPv6 configuration are dynamic, a 'general prefix' configuration is used in several places. This configuration uses the label 'Comcast6RD'. This is only a label, and has no special meaning beyond making the configuration more readable.
The IPv4 configuration is typical of a residential home gateway, with a NAT/PAT configuration to the dynamic public IP on the outside interface.
The Comcast configuration information can be found at the above 6RD link. There are no specific IOS details, just these generic values:
The IOS 6RD commands do not support DNS names, only IP addresses. 6rd.comcast.net resolved to 220.127.116.11 (45FC:5042 hex) when this was written, but should be tested for your location. For this reason the configurations were changed to generic v.x.y.z variables in the configuration details. These were the actual tested values:
Since the IPv4 mask is zero, this configuration does not need the 'tunnel 6rd ipv4 prefix-len' command referenced in the generic 6RD example at the docwiki link above.
The test bed used several Windows hosts, running 7, Vista, and 2008. They had no special configuration beyond the default enablement of IPv6. They received their public IPv6 address prefixes via Router Advertisements from the router, and the normal EUI-64 process.
The hosts will need access to DNS servers that can provide AAAA IPv6 addresses, but this can still occur over IPv4 links.
The default route for IPv6 is one of the trickier parts of the configuration. It must have a next hop defined for the 6RD BR at the far end of the tunnel. This next hop address must be derived from the IPv4 address of the BR.
WARNING: There is no NAT, screening ACL, or firewall configuration in this example. The IPv6 addresses received on the internal network are completely routable and open to the Internet. Please take effective precautions and add your own security configuration. (Details on ZFW config will be provided in the future.)
Variables in the following configuration are listed in bold italic. Other common configuration on the interfaces, such as speed/duplex, has been deleted. The 'ip nat' statements are for the IPv4 operation, and have no bearing on the IPv6 configuration.
RouterA#show ipv6 route <redacted> S ::/0 [1/0] via 2001:55C:45FC:5042::, Tunnel6 C 2001:55C:aabb:ccdd::/64 [0/0] via Vlan1, directly connected L 2001:55C:aabb:ccdd:<redacted>:FE98:E0CE/128 [0/0] via Vlan1, receive L FF00::/8 [0/0] via Null0, receive
The key things to look for are that your tunnel source and general prefix agree on the IPv4/IPv6 parts. And that the static route to the BR again has the correct IPv4 referenced IPv6 sections.
Useful IPv6 Test Sites:
I found these sites to be very useful for testing my IPv6 configuration.
Hi Team,I have Configured NAT64 on an ASR. It appears everything is working as required until the outgoing DNS64 Addressed IPv6 packets 'hit the NAT64 server (ASR)' on Int GE0/0/0. Int GE0/0/3.31211 is connected to the IPv6 only host. Keen to hear what th...
For the corp network, we have a velocloud router as the edge device connects to a branch office's velocloud router. Velocloud devices are managed by a 3rd part company which provided our internet connectivity. They work with ATT or Spectrum to provide us ...
Hi everyone, I am very new to Cisco Routing, so please don't mind if this is a trivial question: On my router, the interface gig0/0/1 is the WAN interface and gets an IP address via DHCP from my ISP. I have created a DHCP pool (192.168.1.0/24 wi...
Hi all, I have a new Cisco FirePower 1010 that I have configured for a small remote office. I have most of what I need working including the S2S VPN Tunnel to an ASA 5515.Now, I'm trying to get Cisco APs to lite up over the tunnel and I need to configure ...
Working on setting up a pair of 9300s to be 1 of the egress points for the network w/ a backup site at another location. Currently i have the other location using the default-information originate command w/ a metric of 5 and that works w/o any issu...